I was honest up front about my being a stupid newbie :). 

Also, being new to linux, I'm awash in documentation. "Next task" has become 
synonymous with "read 5 pages of docs". Little things, like figuring out that I had to 
EXPORT the cvshost environment variable for example, takes 20 minutes!  Reading all 
the boot process documentation to get at rc.local was nearly an hour :).

I had read "most" of the ntop docs .. It's just that, being a stupid newbie, I have a 
limit on how much I can actually absorb and then apply.

That single "eureka!" moment makes it all worthwhile :)

Anyways, this is just an extremely long winded thanks!

Thanks,
Jon.

--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Burton M. Strauss III <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Sent: Tue Jun 15 17:22:38 2004
Subject: RE: [Ntop] ntop newbie

Nope, that's the right answer, as I said in my other reply, READ the
docs/FAQ file.
-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Jon Garlock
> Sent: Tuesday, June 15, 2004 4:06 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop] ntop newbie
>
>
>
> And maybe I solved all my stupid newbie questions :)
>
> I believe this was some type of problem related to MAC addresses.
> Anything to/from that router would have the MAC of that router, no?
>
> Well, I added "-o" to test my "stupid newbie" theory.  And now I'm
> seeing all the "remote" hosts from our "spoke" offices the way I wanted
> to see them.
>
> My only fear now is that I'm just happening to get "lucky", and that
> there are other causes/effects I'm not taking into account.  Any tips,
> hand holding, or pats on the back appreciated :)
>
> Thanks,
> Jon.
>
> -----Original Message-----
> From: Jon Garlock
> Sent: Tuesday, June 15, 2004 3:19 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [Ntop] ntop newbie
>
>
> Ok, I have an update to my own stupid question.
>
> The "dns" portion of this issue resolves itself in time.  After ~10
> minutes (? Guessing), ntop replaces that random machine name with the
> actual dns name of that router.
>
> However, I still do not see any of the traffic from the remote sites.
> It's all associated with the IP address of the router (either that, or
> that router is one busy web surfer!  Lots of AIM pals, too! Heh).
>
> Thanks,
> Jon.
>
> -----Original Message-----
> From: Jon Garlock
> Sent: Tuesday, June 15, 2004 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] ntop newbie
>
> I have what is very likely an extremely basic ntop question.  Apologies
> in advance.  I've recently dumped the win32 version in favor of the
> Linux version, and it's working _extremely_ well.  Course, I have very
> little experience in this area, so it takes me 20 minutes to figure out
> things like "ps ax" and kill :)  So it's not that I'm adverse to reading
> documentation ..
>
> Anyways, my question/issue.  I might be giving more data than required,
> or not enough for that matter, who knows.  Not me - else why would I
> mail? heh
>
> We're currently a "hub and spokes" topology.  Large HQ site (me), about
> 10 remote sites.  HQ is about 4x as large as anybody else.
>
> I'm running ntop 3.0.051 on redhat fedora core 2.  This box is plugged
> into a hub.  Also in the hub is a patch to our backbone, and a patch to
> our firewall.   ntop is started with -d, -u and -m.  I list all the
> subnets for our various offices after -m, separated by commas (ie;
> 10.0.0.0/16, 10.1.0.0/16, etc).
>
> With that out of the way, here's the issue:  for some reason, the IP
> address for the router which is our default gateway in the HQ office is
> assigned some random users DNS name.  All traffic coming from that
> primary router gets assigned to this person/IP.
>
> Did that make sense?  I'll add a bit more detail, because even I'm not
> sure I understand my own english here.
>
> Lets say the IP address for the primary gateway router (a cisco 3745, if
> that matters) is 10.0.0.1.  ntop starts, and in any of the traffic
> reports, 10.0.0.1 is assigned some other DNS name .. lets say jgarlockxp
> .. in all the reports.  It appears as if ANY traffic from ANY remote
> office is "assigned"/attributed to this IP.  Sure makes them seem damned
> busy on the net!
>
> Any idea why this is?  Are there config changes I can do to resolve
> this?  I'm just looking for the top network (well, internet) users in
> our enterprise.
>
> Thanks,
>
> Jon Garlock
>
>
> J.H. Cohn LLP
> 75 Eisenhower Parkway
> Roseland, NJ 07068
> tel (973) 403-7961
>
> www.JHCohn.com <http://www.jhcohn.com/> "Your Source for Business
> Solutions"
> --------------------------------------------------------
> The information in this transmission is privileged and
> confidential and intended only for the recipient listed above. If
> you are not the intended recipient, please advise the sender
> immediately by reply e-mail and delete this message and any
> attachments without retaining a copy. If you are not the intended
> recipient, you are hereby notified that any disclosure, copying
> or distribution of this message, or the taking of any action
> based upon it, is strictly prohibited.
> Thank you.
>
>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to